<?php
session_start();

if($_POST["account"] && $_POST["password"])
{
	include("settings.php");
	$mysql_conn = mysql_connect($sql_host, $sql_user, $sql_pass);
	$db_select = mysql_select_db($sql_db, $mysql_conn);
	$user = strtoupper(trim(htmlspecialchars(mysql_real_escape_string($_POST["account"]))));
	$pass = trim(htmlspecialchars(mysql_real_escape_string($_POST["password"])));
	
	if(!mysql)
	{
		echo "Mysql Connection error: " . mysql_error();
		exit();
	}
	
	$hash = strtoupper(md5($pass));
	$query = mysql_query("SELECT 1 from authme where username='$user' and password='$hash'");
	
	if(mysql_num_rows($query) == 1)
	{
		//Success
		$_SESSION["bejelentkezve"] = 1;
		$_SESSION["user"] = $user;
		
		//Check for rows to prevent errors.
		$accid_query = mysql_query("SELECT username FROM authme where username='$user' LIMIT 1");
		$accid = mysql_result($accid_query, 0);
		
		$q_egy = mysql_query("SELECT 1 FROM votepanel WHERE accid='$user'");
		$q_ket = mysql_query("SELECT 1 FROM votetime WHERE accid='$user'");
		
		if(mysql_num_rows($q_egy) == 0)
		{
			$ins = mysql_query("
			INSERT INTO `votepanel` (
			`accid` ,
			`katt`
			)
			VALUES (
			'$user', '0'
			);
			");
		}
		
		if(mysql_num_rows($q_ket) == 0)
		{
			$ins_ketto = mysql_query("
            INSERT INTO `votetime` (`accid`, `time1`, `time2`) VALUES ('$user', '0', '0');
            ");
        }
		
		header("Location: loggedin.php");
	}
	else
	{
		$_SESSION["badlogin"] = 1;
		header("Location: index.php");
	}
}
else
{
	$_SESSION["badlogin"] = 1;
	header("Location: index.php");	
}
?>
